RE: HELP! Error /w Wireless Client Connecting to Win2003 Server /w IAS
- From: "Charlie" <Charlie@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 30 Nov 2005 06:05:09 -0800
Hi,
Im having the same problem with a similar setup. Any solution to this problem?
The error I am seeing in my event logs is:
Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 11/30/2005
Time: 9:02:58 AM
User: N/A
Computer: WESTWARD
Description:
User username was denied access.
Fully-Qualified-User-Name = my user name
NAS-IP-Address = 192.168.0.128
NAS-Identifier = R035-00022
Called-Station-Identifier = 00-03-52-EB-88-F0
Calling-Station-Identifier = 00-90-4B-17-B7-2C
Client-Friendly-Name = WAC
Client-IP-Address = 192.168.0.128
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Users
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 22
Reason = The client could not be authenticated because the Extensible
Authentication Protocol (EAP) Type cannot be processed by the server.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....
"Christopher C. Welber" wrote:
>
>
>
> --PROBLEM:
>
> The wireless client [Dell notebook] system goes to authenticate with windows
> 2003 server and it looks like the authentication is making it to the server
> because we turned logging on and could see that there was some type of hand
> shaking and access of the active directory for the user and then the system
> kicks back the following error:
>
>
>
> "The client could not be authenticated because the Extensible Authentication
> Protocol EAP type can not be processed by the server"
>
>
>
> We assume it means the windows 2003 server..
>
>
>
> We have the following configuration [Complete Event Log Error Listed at the
> End of This Message]:
>
>
>
>
>
> --System Configuration
>
>
>
> Windows Server 2003 Standard
>
> Configuration:
>
> - Base Server /w Latest MS Updates
>
> - IAS installed
>
> - CA Authority with certificates installed
>
> - This server is part of a multiple-site domain connected through a cisco
> style VPN connection
>
> - Wireless policy is configured both in Active Directory & the IAS wireless
> policy component
>
> - There is a wireless group of it given access in the IAS wireless policy we
> created and the test user has the Dial-In property enabled with "Control
> Access Through Remote Access Policy" radio button selected.
>
> - The Cisco IP is entered as a radius client under IAS service clients tab
> and the shared secret password setup.
>
>
>
> In the IAS Profile:
>
> - We have all of the authentication methods unchecked, but I think it kicked
> out the same error whether we had everything checked or not.
>
> - Everything is checked in the Encryption tab
>
> - In the advanced tab we have service of Radius Standard and framed selected
>
> - Server settings determine IP assignment, but I don't think were even
> making it that far
>
> - No Dial-in constraints selected
>
>
>
> In the Wireless policy in Active Directory:
>
> - Networks to access "Access point [infrastructure only] networks only"
>
> - Preferred Networks the access SSID is listed with network authentication
> of WPA, data encryption TRIP
>
> - Under IEEE 802.1x tab, EAPOL Start message is "Transmit per IEEE 802.1x",
> EAP type is "Protected EAP [PEAP] [under these settings the certificate is
> correctly selected we believe that was assigned to the server when we
> created the CA, authentication method is EAP-MSCHAP v2]
>
>
>
>
>
> Cisco Airoport 1100 Wireless Access Unit
>
> Configuration:
>
> Radius server is set to be the server /w shared secret password setup
>
> PAP, TKIP are enabled on the wireless access point
>
>
>
>
>
> Dell Notebook:
>
> Configuration
>
> /w wireless adapter enabled for WPA
>
>
>
>
>
> Error Log Event Properties of the error are:
>
> Source: IAS
>
> Event ID: 2
>
> Type: Warning
>
> NAS IP: 10.10.10.5 [The Cisco Equipment]
>
> Client IP: 10.10.10.5
>
> NAS PORT Type: 802.11
>
> NAS PORT 1042
>
> Proxy-Policy Name: Use Windows authentication for all users
>
> Authentication Provide: Windows
>
> Authentication-Server = <undetermined>
>
> Policy-name = Gws-wireless [this is the policy we created in IAS Server]
>
> Reason Code = 22
>
> Reason:
>
> "The client could not be authenticated because the Extensible Authentication
> Protocol EAP type can not be processed by the server"
>
>
>
>
>
>
.
- Prev by Date: Re: "Why has there been no articles in the popular web sites about the IE zero day vulnerability?"
- Next by Date: Re: XP internet security broken
- Previous by thread: Re: "Why has there been no articles in the popular web sites about the IE zero day vulnerability?"
- Next by thread: Re: XP internet security broken
- Index(es):
Relevant Pages
|
